swiftclient logs sensitive info in http requests
Bug #1516692 reported by Anna Sortland
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
python-swiftclient | Fix Released | Critical | Joel Wright | |
Bug Description
swiftclient logs sensitive info in headers when logging http requests in debug mode.
swiftclient/
swiftclient should hash sensitive info in headers such as 'X-Auth-Token' and 'X-Subject-Token'.
For examples, see keystoneclient (https:/
Changed in swift: | |
assignee: | nobody → Bing Hu (hubingsh) |
status: | New → In Progress |
no longer affects: | swift |
Changed in python-swiftclient: | |
assignee: | nobody → Bing Hu (hubingsh) |
status: | New → In Progress |
Changed in python-swiftclient: | |
importance: | Undecided → Critical |
Changed in python-swiftclient: | |
assignee: | Bing Hu (hubingsh) → nobody |
For swift, different from other projects in OpenStack, there would be another sensitive header "X-Storage-Token", if you use the V1 Auth API.
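
A sketch of the header scrubbing this report asks for, covering the three header names mentioned on this page. It is an added example, not code from swiftclient or keystoneclient; the function names, the `{SHA256}` prefix and the choice of SHA-256 are assumptions made for illustration.

```python
import hashlib
import logging

# Header names taken from this bug report. Matching is case-insensitive
# because HTTP header names are case-insensitive.
SENSITIVE_HEADERS = frozenset(
    h.lower() for h in ("X-Auth-Token", "X-Subject-Token", "X-Storage-Token")
)


def safe_value(name, value):
    """Return value unchanged, or a digest of it if the header is sensitive."""
    if name.lower() not in SENSITIVE_HEADERS:
        return value
    raw = value if isinstance(value, bytes) else str(value).encode("utf-8")
    # A digest lets an operator correlate log lines that used the same token
    # without the log ever containing a usable credential.
    return "{SHA256}" + hashlib.sha256(raw).hexdigest()


def scrub_headers(headers):
    """Build a copy of headers that is safe to log; the input is not modified."""
    items = headers.items() if hasattr(headers, "items") else headers
    return {name: safe_value(name, value) for name, value in items}


def log_request(logger, method, url, headers):
    """Debug-log a request in curl style with sensitive headers hashed."""
    if not logger.isEnabledFor(logging.DEBUG):
        return None  # skip the formatting work when debug logging is off
    parts = ["curl -i", "-X", method, url]
    for name, value in sorted(scrub_headers(headers).items()):
        parts.append('-H "%s: %s"' % (name, value))
    line = " ".join(parts)
    logger.debug("REQ: %s", line)
    return line
```

Scrubbing a copy at the logging call site keeps the real token in the headers that are sent on the wire, so only the log output changes.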